ISO/IEC 27002: Information technology – Security techniques – Code of practice for information security controls is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).
NIST Special Publication 800-53 provides a catalog of security controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act of 2002 (FISMA) and to help them manage cost-effective programs to protect their information and information systems.
The NIST Cybersecurity Framework (CSF) provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. It “provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.”
The Center for Internet Security (CIS) Critical Security Controls (CSC) for Effective Cyber Defense is a publication of best-practice guidelines for computer security. The publication was initially developed by the SANS Institute and then transferred to the Center for Internet Security (CIS). It is also known as the Consensus Audit Guidelines (CAG 20), CIS CSC, CIS 20, CCS CSC or SANS Top 20.